from the details-details-details dept

Late on Friday, the NY Times released the most detailed explanation to date of the PRISM system that was revealed on Thursday, claiming that nine of the biggest tech and internet companies were working with the NSA to give them "direct access" to servers. The explanation explains how both the original story was substantially true, as were the "denials," though the denials were (as predicted) a bit of doublespeak. Today, the Guardian revealed another slide from the presentation it has, which clarifies some more details.

Basically, it appears those companies all agreed to make it easier for the NSA to access data that was required to be handed over under an approved FISA Court warrant, and they appear to do this by setting up their own servers where they put that information (and just that information). From the NY Times report:

But instead of adding a back door to their servers, the companies were essentially asked to erect a locked mailbox and give the government the key, people briefed on the negotiations said. Facebook, for instance, built such a system for requesting and sharing the information, they said.

The data shared in these ways, the people said, is shared after company lawyers have reviewed the FISA request according to company practice. It is not sent automatically or in bulk, and the government does not have full access to company servers. Instead, they said, it is a more secure and efficient way to hand over the data.

This is significantly less worrisome than the original Washington Post report, which suggested full real-time access to all servers. That's not quite what has happened, according to this report. This involves cases where the companies really do need to hand over this information. We can disagree with whether or not the FISA Court should issue these warrants, but at some point there may be information that the companies do need to hand over to the government. As for the Guardian, they published the following slide:

As you can see, it notes multiple programs where they can get data. The programs on top are the ones such as the NSA servers installed at telcos to collect all traffic running through them, which have been revealed before. The program on the bottom is PRISM, which clearly states: "collection directly from the servers of these U.S. Service Providers," followed by the already known list. That certainly confirms the "direct access" claim from the original WaPo report, but it could also be true in conjunction with the NY Times report, if you look at it as the companies setting up special servers where they place information they're ordered to hand over via FISA court orders. The "denials" from the companies are also substantially true, as they mean that the NSA isn't getting direct access to all their servers, but rather the ones set up for handing over this information.

The real question should be about what information the FISA Court is approving warrants over:

FISA orders can range from inquiries about specific people to a broad sweep for intelligence, like logs of certain search terms, lawyers who work with the orders said. There were 1,856 such requests last year, an increase of 6 percent from the year before.

In one recent instance, the National Security Agency sent an agent to a tech company’s headquarters to monitor a suspect in a cyberattack, a lawyer representing the company said. The agent installed government-developed software on the company’s server and remained at the site for several weeks to download data to an agency laptop.

In other instances, the lawyer said, the agency seeks real-time transmission of data, which companies send digitally.

Note just how broad some of those searches may be. Staying around for weeks to download logs? We're not talking about narrowly focused searches here.

Of course, what's now also come out is that, despite Google and Microsoft releasing transparency reports about government requests for data, they don't include FISA requests because of the gag orders on them. It's only recently that both Google and Microsoft were able to include "range" numbers for how many national security letter requests they get. One hopes they're pushing to be transparent on FISA requests as well.

The article makes it clear that Twitter was alone among the companies in refusing to join this program. That does not mean that Twitter does not hand over data to the government when receiving a legitimate FISA order. I'm sure it does. But it does mean that they have not set up a special system to make it easy for the government to just log in and get the data requested. Some people have suggested that the government has little need for Twitter to join the program since nearly all Twitter information is public, but that's not true. There is still plenty of important information that might be hidden, including IP addresses, email addresses, location information and direct messages that the NSA would likely want. Besides, YouTube is a part of the program, and most of its data is similarly "public."

This is not, by the way, the first time that we've seen Twitter stand up and fight for a user's rights against a government request for data. Over two years ago, we pointed out that Twitter, alone among tech companies, fought back when a court ordered it to hand over user info. Twitter sought, and eventually got, permission to tell the user, and allow that user to try to fight back. It later came out that, as part of that same investigation, the government also had requested information from Google and Sonic.net, with Sonic.net fighting back and losing. It never became clear whether Google fought back.

Separately, however, Chris Soghoian has noted that an "unnamed company" fought back and lost against a FISA court order... and that, according to the PowerPoint presentation, Google "joined" PRISM just a few months later. It is possible that Google fought joining the program, and then only did so after losing in court. That said, Google's most recent denial insists that "the government does not have access to Google servers—not directly, or via a back door, or a so-called drop box." Perhaps they don't consider a special server set up for lawfully required information a "drop box," but others certainly might.

In the end, it appears that the initial Washington Post report was overblown in that it suggested direct access to all servers, rather than specific servers, set up to provide information that was required. That said, it is still true that the FISA Court appears to issue a fair number of secret orders for information from a variety of technology companies, some of them quite broad, and that many of the biggest tech companies have set up systems to make it easier to give the NSA/FBI and others access to that info -- though, they are often required by law to provide that information. The real outrage remains that all of this is happening in complete secrecy, where there is little real oversight to stop this from being abused. As we noted just a few weeks ago, the FISA Court has become a rubber stamp, rejecting no requests at all in the past two years.

Given the revelations of the past week, the public (and our representatives) need to demand much more transparency and oversight concerning these surveillance programs.

I've always been a fan of the "from the [variable] department" formulation on Techdirt, so for this week's favorites I've imagined a Techdirt University, with ivy-covered and idiosyncratically-named departments lounging about the campus. Let's take the tour.

First up is the "Why do the thought police always suck at thoughts" department, created in 1957 based on groundbreaking ethnographic work on the members of HUAC. The still unfolding NSA/FISA/PRISM scandal is confirming some of our most plausible fears, but my favorite part of the story is the dopey thinking that always turns out to be behind the mask of secretive state behaviors. This week's examples include a Senator reassuring us that it's always been this way, the Director of National Intelligence saying the real problem with all this spying is everyone talking about it, and Prime Minister Erdogan blaming massive protests on Twitter instead of the actual things that are happening.

If you want a laugh amidst all this, go hunting for Edward Tufte's (and others') tweets mocking the design of a powerpoint presentation about PRISM.

Next up is the department of "Holy Crap How Can Anyone Think Our IP System Doesn't Need Reforming?" or HCHCATOIPSDNR for slightly shorter and much less pronounceable. Students in this department frequently minor in JudicialHorrorshows.

Lindsey Graham doesn't know if we internetty types are covered by the Constitution. Congress just plain gave up on legislating copyright (How great would it be to actually have a statute that defines and protects the public domain as much as it does Mickey Mouse?). Big content is coming out against fair use, and doing it at the expense of blindpeople. Intellectual Ventures continues to fail at being either intellectual or venturing at all, really. And possibly my favorite this week: an assertion of copyright to avoid releasing problematic mugshots.

If that works, maybe in place of suing for slander or libel I'll be able to sue under copyright law. I'd assert that telling other people what I did wrong, no matter how factual their report may be, involves an expression of knowledge of my actions, which by definition infringes on the copyrights I hold on the expression of all acts I perform, be they good, bad, or non-existent.

Nearby the HCHCATOIPSDNR is the parallel department of "Increasingly Sisyphean Efforts At Reform", or I SEAR, for a shorter description of the department itself and also my feelings. Mercifully, a patent judge comes out on the side of the angels. Among those angels is President Obama and also Planet Money. Three cheers for protecting podcasting! And one of our more friendly courts rules that you can in fact make copies of the prior art in academic journals when you're in court to prove that there is some prior art.

Our next stop is the bizarrely well-funded department of "Powerful People Massively Misunderstanding The Internet". I've always wondered why they don't use their research money to get less terrible at this. British politicians are continuing to blame the wrong groups for all the porn. Dan Brown's insights into the history of religion stand him in awesome stead for discussing video games. Australia tries to block one site, and accidentally blocks the sun. And France creates an imagined plague of piracy on iPads and then demands payment from Apple.

Our last full department is that of the "Evil and Sneaky Powers That Be". They have a small brick building on the old campus that formed the original core of Techdirt University, and a surprising number of professors from the department manage to get promoted into administration despite having done frightfully little actual research. This week we've had a look at the weird setups that allow investors to sue entire countries for dubious reasons. We've seen another important treaty head to secret negotiations because.... well, just because, actually. And lastly, Microsoft has attacked the first sale doctrine mainly because old business models need to be protected by the state from changing economic realities. How many more times do you think we'll see someone argue that in our lifetimes?

Next we have two stories from the new and small department of "Intertextual Analysis of Bad Things That Happen". A lot of different issues intersect in the drama of unlocking phones. You have companies lobbying for their interests to be protected through legislation. You have the muddied waters between owning a thing and owning a license to use a thing in only a limited number of ways. And you have lots of people in power who don't really understand what we're talking about in the first place, much less why it inconveniences anyone or how it impacts any legal principle. It's a longstanding story and one worth watching.

There's also the matter of newer, more expensive drugs working less well than the older medicines. This is a really thorny, but very important issue. There are issues of the state of pharmaceutical research, and of the patent restrictions that make drugs extremely profitable. But the trickiest thing is how the money now seems to be in incremental improvements and not in massive medical advances. The free market is often awesome for getting great things to happen, but the incentives the companies have lobbied for, and the pressures to sell more drugs instead of curing more diseases, have muddied the waters. There's a lot going on here, and a lot of weird pressures on a lot of smart people who wake up in the morning trying to cure disease, and I hope that soon we can let them do their jobs the best they can.

And on that hopeful note we'll end our tour of Techdirt University, please visit the admissions office for brochures, and before you take on any debt, remember to call your members of congress and urge them to lower the interest rates on student loans.

from the where-to-go? dept

I don't know why I've been thinking about maps lately -- perhaps it's because I've been traveling, and as this is posted, I'll actually be in an airplane flying home. I've always been a fan of maps -- all kinds of maps -- and can spend an inordinate amount of time looking at various maps. So it's interesting to see a few map or map-related products all show up at the same time on Kickstarter. These days, "maps" for many mean the app they can call up on their smartphone -- but people are doing some fun things with the more old-fashioned kind of maps as well:

We'll start with a cool idea: making Risk-like boards that highlight certain regions. So, rather than the "world" map you see in regular Risk, you can play a Risk-like game in your home city. Of course, as it is they have a limited number of places right now -- but they include San Francisco, New York and a variety of other places as well.

Of course, there's an IP angle here too. The folks who made this don't own the rights to Risk. They're trying to deal with this by (1) being clear that they're obviously building off of Risk (not trying to hide it) and (2) making the game unplayable unless you have an official copy to go along with it and (I think...) use the pieces from the official game. With this project getting greater attention, hopefully Hasbro realizes that it actually helps their brand, rather than hurts it.

,

Next up, we've got Bucketlistmap: Putting the Awesome Back in Maps -- which clearly fits in with our theme here. If you like old maps and their great design, you'll probably really like this one. These guys are trying to take the beautiful design and style of really old maps and update them for a modern era. They've already done really cool world maps for skiing, surfing and football (soccer for us uncultured Americans) and now they want to do a "bucketlistmap," which will be the same sort of thing, but highlighting "the world's most awesome sights, smells, sounds and eats." Definitely click through on this one to check out the pictures.

They've already met their goals on this one though, there's still a single $10,000 option available, in which they'll throw a dart at a map (they don't say if it will be one of their own) and send you to wherever the dart lands on an all-expenses paid trip. I would imagine that might be a bit tricky if it lands in the middle of the ocean somewhere -- or if it ends up in a place where "all expenses" exceed $10,000. Still, I think this one is more for the amusement factor anyway.

Finally, we've got some guys trying to put together Grant Rising: First in a New Series of Civil War Map Books. It's an "atlas" of maps that try to tell the story of Civil War general and one-time US President Ulysses S. Grant. It's an interesting idea. I'd never thought of telling someone's life story through maps.

This one hasn't yet matched its goal, and is still below 50%. I'm guessing that the topic is so specific that it might have a limited audience. You'd need to be interested both in maps and the life of Ulysses S. Grant, and I'm not sure how big the overlapping populations really are. Still, I think it's neat to think about someone's life in the form of a collection of maps.